Information systems are some of the most important assets of an organization. Information systems that store privileged or sensitive information need to be secured with utmost vigilance and care, as exploiting these systems by unauthorized users or entities may result in financial and business loses.
Various compliance organizations, rules, regulations, and standards are created to aid organizations and those who audit them create and enforce policies that minimize risk of unauthorized access of important information systems and the data stored on those systems. As part of these policies organizations utilize various techniques to control, monitor and report on access to important information system assets.
Traditional solutions include segmenting networks such that only entities with access to those networks can access information system assets deployed in that network. This solution results in overly broad access when entities require access only to a particular asset vs. all assets in a network. Other solutions involve setting up login or access credentials with various access rights for each system and sharing those credentials with only the entities that require access to those systems. Setting up access credentials per asset and attempting to disseminate that information only to select entities is expensive to coordinate, maintain, and provide accurate audit trail.
Some organizations use a combination of these techniques increasing the cost to organization with marginal improvement in granular access control and audit reporting.
Based on the foregoing, there is a clear need for approaches that provide and enforce real time access controls to sensitive assets that provides granular access control, is easy to setup, administer, maintain, use, and audit.